User manual
Managing System and Station Security
Rev 1.1.0 User Manual 75
Security Modes: Authentication and Encryption Methods
The following are the different combinations of security modes.
Authentication Combinations
WS410 allows authentication of various types and in various combinations.
• The basic 802.11 authentications are Open (none) and Shared Key. In Shared Key
Authentication, the WEP key is used as the shared key.
If the SSID is configured to Open + Shared Key, this means that both types of clients can
associate to the AP. This can be useful when the IT has another mechanism to determine
the capabilities or authentication of users in terms of his overall network, e.g. Capture
Portal. There may be legacy clients that try to authenticate with Shared Key while others
try to authenticate with Open. It is assumed that the encryption in this case is WEP but
WS410 does not force this.
• In WPA, it is assumed that the basic 802.11 authentication is Open. WPA defines advanced
authentications, either PSK (Pre-Shared Key) or RADIUS. In both cases, the initial keys
(for broadcast and for unicast traffic) are determined during the last phase of the
authentication.
When RADIUS Authentication is used, the RADIUS can determine the VLAN that the user
gets (we support multiple VLANs per SSID), if the IT wants it.
• WS410 has the capability to have SSIDs that support both RADIUS and PSK
authentication. The exact method is decided according to the packet that comes from the
client. If multiple VLANs are defined over this SSID, a client that is authenticated using
Security
Mode
Authentication Mode Encryption Mode
None Open system None
WEP
• Open system
• Shared key
• Open system + Shared
key
• WEP/40
• WEP/104
WPA
• PSK (Pre-shared key)
• Radius
• PSK + Radius
• TKIP
• TKIP+WEP/40
• TKIP+WEP/104